Italian universities started to sell students' privacy to big corps through email accounts
Paul Boddie
paul at boddie.org.uk
Sat Aug 22 12:41:25 UTC 2015
On Saturday 22. August 2015 10.34.24 Valentino Santori wrote:
> Hi fellows,
>
> I would like to report a very bad situation for student's privacy in
> the public education system, here in Italy. Many universities, and as
> far as I know even high schools, are migrating from self-hosted mail
> servers to propietary, big-corp's owned email accounts. This without
> any chance to refuse the creation of this account, because this is
> created during the subscription to the faculty, and without any
> privacy agreement.
I think such practices are becoming widespread, and it would be interesting to
do a survey to see which institutions are doing so.
In higher education, there is a shift towards cloud providers for basic
services like e-mail and collaboration, and here in Norway various
institutions have apparently already moved to Microsoft Office 365 in some
form [1, 2]. Indeed, it would seem that there is a sector-wide plan to adopt
Microsoft cloud-hosted products which will probably be formalised by the
coordinating organisation, UNINETT, whose Web site is poorly organised and
thus not as transparent as one might like (and whose conferences are sponsored
by some of the companies whose products they intend to roll out [3]).
Expect Skype-specific infrastructure and principally Office 365, although they
claim that they are also looking at other cloud product providers and
assessing the legality. I have also seen documents [4] describing the actual
strategy as opposed to the publicly-announced strategy.
> I can report my personal experience and others I know:
> Università Politecnica delle Marche (located in Ancona) used to adopt
> a self-hosted Squirrelmail soultion, now It's migrating to Microsoft
> Hotmail;
> Università degli studi di Ferrara is using Gmail;
> Università degli studi di Parma is using Gmail;
> Università degli studi di Bologna is using Microsoft Hotmail.
Hotmail users will undoubtedly be encouraged to move to Office 365. Meanwhile,
the nature of adoption of these cloud services may well involve reassurances
that the data won't really be held in the US or outside the country but that
some kind of "licensed cloud" will be used instead. Presumably, such a
licensed cloud would just be the use of proprietary software on taxpayer-
funded infrastructure, maybe in an even more restrictive way than traditional
proprietary software because these services are not necessarily software
products that are obtained and installed normally. (Remember the Google search
appliance and how it was a box you installed in your network?)
In reality I think that institutions will end up using Microsoft's own hosting
via what was known as their Live at edu service, which is now part of their
Office 365 offering [5]. I know from personal experience that university
decision-makers regard Microsoft as a friendly partner who would never hurt
their customers, and they appear to regard all the reports of surveillance
without any concern at all.
> In Italy laws are very strict in terms on privacy and I think that
> since we are talking about a public service this issue It's even more
> serious.
> What's your opinion about? Can we move somehow?
Well, there are laws in Norway about this, too. Hence the remark that the
legal situation is supposedly being reviewed. But in practice, various
institutions are using the Microsoft cloud products already with only some
holding back in order to legitimise the inevitable decision to use them as
well [6]. (I note this because this is how the decision-makers work: they use
a review of the suitability or legality as a cover for doing what they want
anyway, and then they announce that everything was actually fine in the end
and that their intended plan has already been carried out. You end up
discussing a decision that was taken long ago and probably mostly implemented
already.)
There is also a distinction in Norway between students and employees of
institutions. Employees, at least in the public sector, are protected by laws
that forbid data from being sent off over the Internet to some random place
where it isn't safeguarded. (I guess it's the data that is actually protected,
but then the employees cannot be pushed out into the cloud for their work-
related services because they'd be processing the data in some inappropriate
place.) Meanwhile, students appear to be commodities that can be farmed out in
the way that is cheapest for the institution.
Sorry for the long response! Can we do anything about it? If laws and
regulations about privacy and competition were upheld, maybe we could, but I
haven't seen much evidence of that going on in recent times.
Paul
[1] Just searching for "Office 365" on this page listing single sign-on
integration indicates how much it has been used:
https://www.feide.no/tilgjengelige-tjenester
[2] 70% of students and employees in the sector have Office 365 access
according to this: http://www.usit.uio.no/prosjekter/o365/
[3] Conference sponsors: https://www.uninett.no/uninett-
konferansen-2015/sponsorer
[4] http://slashdot.org/submission/2683909/end-of-the-line-for-linux-in-
norways-educational-system
[5] https://en.wikipedia.org/wiki/Live%40edu
[6] A document indicating how University of Oslo decision-makers really want
to take advantage of Microsoft bundling deals to use Office 365 while at the
same time making the necessary noises about privacy and legal requirements:
http://www.usit.uio.no/prosjekter/o365/mandat/office365-saksnotat-i-
rektoratet-190315.pdf
More information about the Discussion
mailing list